Berlin The European Court of Justice (ECJ) has announced its long-awaited decision on the German regulation of data retention: According to this, EU law precludes general and indiscriminate retention of traffic and location data, unless there is a serious threat to national security. Two telecommunications providers had sued. Data retention is currently suspended in this country.
The ECJ stated that member states can provide for targeted retention and immediate backup of such data as well as general and indiscriminate storage of IP addresses to combat serious crime. The principle of proportionality must be strictly observed.
With today’s judgment, the Court of Justice confirmed its previous case law. While security politicians and investigators praise data retention as an important tool in the fight against organized crime and terrorism, civil rights activists and consumer advocates criticize it as excessive surveillance.
With the current verdict, the already controversial debate on data retention in Germany is likely to be rekindled. He recently asked Federal Interior Minister Nancy Faeser (SPD) to reintroduce data retention with a view to prosecuting child pornography.
Top jobs of the day
Find the best jobs now and
be notified by email.
Federal Justice Minister Marco Buschmann (SPD), on the other hand, promised when he took office that he wanted to finally remove data retention without cause from the law.
Buschmann wants “quick freeze”
At the time, Buschmann advocated a “quick freeze”. In the process, telecommunications and Internet services would have to quickly back up data on a specific occasion by order of a judge so that the police and public prosecutor’s office could then evaluate them. Buschmann should now want to put this initiative into practice. The minister wants to make a statement in the early afternoon.
Data retention means storing communication data without cause. This is not about capturing content, but about securing traffic data for a legally specified period of time.
In the case of telephone calls, whether mobile or landline, the telephone numbers, the times of the telephone calls and the duration of the calls are saved. In the case of mobile phones, the location data of the caller and the person being called are also recorded. In the case of SMS or MMS messages, the phone numbers and the sending and receiving times are registered. In addition, the stored data proves who uses which IP address on the Internet, when and for how long.
Both must work together to legally re-regulate data retention.
(Photo: IMAGO/Future Image)
Data retention was introduced in Germany at the end of 2007 because an EU directive provided for it. However, the data was only collected in the years 2008 to 2010.
Because data retention quickly ended up in court: almost 35,000 citizens complained in the largest class action lawsuit in the history of the Federal Constitutional Court to date. First of all, in 2008, the constitutional authorities severely restricted the use of retained data as part of an expedited procedure. With the judgment in 2010, the Federal Constitutional Court then declared the law to be unconstitutional and void.
However, the court stated that a constitutional design of data retention is possible in principle, albeit with strict requirements. In 2014, however, the ECJ declared the 2006 EU directive to be void.
German solo effort
However, this did not prevent the then grand coalition of the CDU and SPD from reintroducing data retention in 2015, albeit with shorter storage periods and a reduced storage volume. The law was scheduled to come into force on July 1, 2017. However, after a decision by the Higher Administrative Court in Münster, data retention in Germany has been suspended.
However, SpaceNet AG and Telekom Deutschland GmbH, which offer Internet access services and – in the case of Telekom – also telephone services, had brought an action before the Cologne Administrative Court for a declaration that they were not obliged to retain certain traffic data relating to their customers.
In the appeal proceedings before the Federal Administrative Court, the judges submitted the question to the ECJ as to whether the data retention obligation provided for in German law was compatible with Union law.
In a statement, the ECJ now stated that national legislation must ensure through “clear and precise rules” that the data subjects are protected against misuse when storing the data in question. The obligation to retain data provided for in the German Telecommunications Act (TKG) therefore extends to an “extensive set of traffic and location data” that would be stored for ten or four weeks.
This could enable “very precise conclusions about the private life” of people – for example about habits of daily life, permanent or temporary whereabouts, daily or different rhythms of location, activities carried out, social relationships of these people and the social environment in which they frequented . It would also be possible to create a profile of the people whose data would be stored.
The judges see this as an encroachment on fundamental rights, which requires a separate justification.
The ECJ had already set strict limits on storage without cause in previous judgments. The line of the judges was quite clear: The storage of communication data without cause therefore violates EU law. An exception applies in the event of an acute threat to national security. In this case, a time-limited, justified data storage may be permissible.
Now it’s the traffic light’s turn. The coalition agreement between the SPD, Greens and FDP states that regulations on data retention would be designed in such a way “that data can be stored in a legally secure, event-related manner and by judicial decision”.
More: State surveillance: Account inquiries have recently increased “almost exponentially”.